In the context of deploying software applications at the enterprise level, the term “entitlement” refers to the process of determining if a user is permitted access to an application, e.g., according to a licensing arrangement or a company policy. The term “provisioning” refers to the process of actually giving a user an application, or making it accessible to the user. Provisioning generally occurs only after entitlement has been determined.
Traditionally, desktop-application entitlement and provisioning was accomplished by running an installer program or script to install an application on a computing system (e.g., a hardware device with platform software) associated with a user who has a license/permission to use the application. Often, such an installation can be automated.
Some applications, referred to herein as “thin applications,” do not require a full-blown installation (e.g., including registry settings) on the user's computing system and can run from a simple executable file that merely needs to be copied to the user's disk. For example, thin applications include many virtualized applications, such as those virtualized using ThinApp™, available from VMware, Inc. of Palo Alto, Calif. Similarly, other applications may be accessed remotely over a network, and need very little, if any, customization of the user's device. For example, applications may be accessed remotely using a virtual desktop infrastructure (VDI) solution, such as VMware View™, a desktop-remoting system that includes a thin client accessed directly by a user, which remotes to a desktop from a remote virtual machine. In another example, a terminal server hosting user applications may be accessed using a browser or other thin client.
Likewise, software as a Service (SaaS) applications, by their nature as cloud-based applications, generally do not require installation or modification of the user's system or device. SaaS applications are generally web-based, e.g., accessed and used through a web browser. This simplifies provisioning, but can complicate both authentication and entitlement enforcement. For a SaaS application, a user typically authenticates with the SaaS provider, e.g., by providing a user identifier and password combination, before the SaaS will connect the user to his/her account and grant access to a particular application.
As software development shifts away from traditional applications to virtualized applications, remote applications, and SaaS applications, a need arises for a centralized approach to managing the entitlement and provisioning of such applications on a growing number of client devices that use a growing number of access channels (e.g., mobile devices such as smartphones that use Wi-Fi networks).